MyBB Community Forums

MyBB Community Forums > MyBB Resources > Plugins & Code Modifications > Development > RaidNinja MyBB Login Module
Full Version: RaidNinja MyBB Login Module
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

eRott

01-24-2008, 11:51 AM
Okay, so basically what im looking for is how MyBB authenticates users when they login in. Specifically how it deals with the passwords. Okay, first off, I know MyBB encrypts passwords using the md5 function, and also the password salt comes into play somehow. But that's about all I know lol.

Im basically looking to take a password from a login form and compare that to the user's passoword in MyBB. If the passwords match, then blah blah blah, you know the rest.

So im looking for something simple like:

PHP Code:
$password_check_query "SELECT * FROM ".MYBB_PREFIX."users WHERE username='".mysql_real_escape_string(htmlentities($_POST['login_username'], ENT_QUOTES'UTF-8'))."' AND password='//STUCK HERE//'"

Also, does does the my_post_key hidden input field in the login form have anything to do with it?

Code:
<input type="hidden" name="my_post_key" value="-------------------------------" />

So, problem is, how does MyBB forumlate/check the password? Thanks in advance.

Take care.

DennisTT

01-25-2008, 08:00 AM
Take a look at the validate_password_from_uid function in inc/functions_users.php. I guess you can also take a look at member.php in the do_login section.

eRott

01-26-2008, 05:53 PM
DennisTT Wrote:Take a look at the validate_password_from_uid function in inc/functions_users.php. I guess you can also take a look at member.php in the do_login section.

I looked at that / tried it and i couldn't get it to work the way I needed it to. I figured it out in the end though.

PHP Code:
$get_salt_query "SELECT * FROM ".MYBB_PREFIX."users WHERE username='".mysql_real_escape_string(htmlentities($_POST['login_username'], ENT_QUOTES'UTF-8'))."'";

$get_salt_result mysql_query($get_salt_query) or die(mysql_error());

$grab mysql_fetch_array($get_salt_result) or die(mysql_error());

$password $_POST['login_password'];
$salt $grab['salt'];

$salt_password md5(md5($salt).md5($password)); 

That's the basis of it. You then compare $salt_password to the one in the db ya de da and so on.

For anyone who is looking for this module, I have written the full instructions HERE, however, the developers have asked to put it in the next RaidNinja release, so until the next release, just follow the instructions.

Take care.
eRott
MyBB Community Forums > MyBB Resources > Plugins & Code Modifications > Development > RaidNinja MyBB Login Module
Reference URL's